Embed Size (px)
Citation preview
Chapter 3: Types of Cyber Attacks
• Expand the definition of cyberspace to include:– hardware like computers, printers, scanners,
servers and communication media – software that includes application and special
programs, system backups and diagnostic programs, and system programs like operating systems and protocols
– data in storage, transition, or undergoing modification
– people that include users, system administrators, and hardware and software manufacturers
– documentation which includes user information for hardware and software, administrative procedures, and policy documents, and
– supplies that include paper and printer cartridges
• A cyber threats is an intended or unintended illegal activity, an unavoidable or inadvertent event that has the potential or could lead to unpredictable, unintended, and adverse consequences on a cyberspace resource.
•
• Most cyber attacks can be put in one of the following categories:– Natural or Inadvertent attack – including things
like include accidents originating from natural disaster like fire, floods, windstorms, lightening and earthquakes, and they usually occur very quickly without warning, and are beyond human capacity, often causing serious damage
– Human blunders, errors, and omissions – including things like unintentional human actions
– Intentional threats like illegal or criminal acts from either insiders or outsiders, recreational hackers, and criminal
• Types of e-attacks:– Penetration Attack Type -involves breaking into
a system using known security vulnerabilities to gain access to any cyberspace resource –
• There is steady growth of these attacks – see the CERT Report below.
020004000600080001000012000
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
2000
Years
Num
ber
of In
cide
nts
– Denial of Service Attacks – they affect the system through diminishing the system’s ability to function; hence, they are capable of bringing a system down without destroying its resources
• Motives of E-attacks– Vendetta/Revenge – Joke/Hoax/Prank – The Hacker's Ethics - This is a collection of motives that
make up the hacker character – Terrorism – Political and Military Espionage – Business ( Competition) Espionage – Hate (national origin, gender, and race)– Personal gain/Fame/Fun/Notoriety – Ignorance
• Topography of Attacks – One-to-One – One-to-Many – Many-to-One – Many-to-Many
• Behavioral Forensics – an analysis of the motives and reasons why such attacks occur. The analysis is based on the postmortem of data (historical data).
• Study the most (current) common security threats.
